IBM QRadar as a Service




Government Efficiency through Innovative Reform

IBM QRadar as a Service
Service Definition

Copyright IBM Corporation 2014

Table of Contents

IBM Cloud Overview
IBM/Sentinel PaaS
QRadar
Major differentiators
Main Product Features
Main Technical Features
Use Cases
Example use cases
Information Assurance and Security
Service Options and SLA's
Pricing Structure
Overview of pricing structure
Free trial options
Further Information

IBM Corporation 17 December 2014

IBM CLOUD OVERVIEW

The demands of your applications are unique, so IBM offers a variety of Cloud options on G-Cloud. Our Clouds are located in the UK and are suitable for both OFFICIAL and OFFICIAL SENSITIVE data.

For applications that need a low-cost highly scalable Linux or Windows self-service platform that can be provisioned within hours, then our SoftLayer public cloud is an attractive option. SoftLayer is unusual in that you can optionally enhance both performance and security by specifying bare metal servers that are dedicated to you on your own VLAN.

For organisations needing additional levels of security and monitoring, IBM offers a Community Cloud for UK Public Sector clients. This builds upon the SoftLayer public cloud but adds additional dedicated security and proactive monitoring to meet public sector client needs.

For applications that must be kept in a Government-only Cloud then IBM/Sentinel PaaS is an alternative option. IBM recognises that moving from traditional outsourced environments to managing your own Cloud environments can be difficult, so to smooth the path we offer PaaS Services in partnership with SCC on their Sentinel Cloud. These can be used as building blocks to deliver your system - whether it be a single web server or a complex system built of 50 or more interconnected servers.

IBM/SENTINEL PAAS

This offering is one of a set of Platform as a Service offerings which IBM has created in collaboration with SCC. The combination of the SCC Sentinel cloud infrastructure (which has been proven to be robust and secure) with the addition of an OS and software layer which is delivered and managed by IBM, gives you a sound platform on which to build your system.

IBM has put together a set of over 20 basic PaaS offerings, giving everything from a basic Web server, through to advanced components such as Analytics. The offerings include standard Open Source products, alongside robust COTS products.

If the product you need isn't there, then not to worry: we have a Generic Platform as a Service too. You supply the license, we will build and manage the server for you. The offerings can be provided individually to complement an existing system, or can be put together to form a new system; the choice is yours.

QRADAR

IBM QRadar Security Intelligence Platform integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified solution. By using intelligence, integration and automation to provide 360-degree security insight, this solution delivers superior threat detection, greater ease of use and potentially lower total cost of ownership.

Organisations today are exposed to a greater volume and variety of attacks than in the past. Advanced attackers are clever and patient, leaving just a whisper of their presence. The QRadar Security Intelligence Platform is an integrated family of products that can help detect threats that otherwise would be missed. It helps detect and defend against threats by applying sophisticated analytics to more types of data. In doing so, it helps identify high-priority incidents that might otherwise get lost in the noise.

Offering highlights

IBM QRadar Security Intelligence Platform can help solve a number of business problems including:

Consolidating audit data silos into one integrated solution
Identifying insider theft and fraud
Managing vulnerabilities, configurations, compliance and risks
Conducting forensic investigations of incidents and offenses
Addressing regulatory mandates

IBM QRadar gives a route to find true offences as highlighted in Figure 1.

Figure 1: IBM QRadar - embedded intelligence to find true offenses

Major differentiators

Provides a comprehensive SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics capability.
Can be deployed quickly and effectively on proven secure Cloud infrastructure

MAIN PRODUCT FEATURES

The QRadar Security Intelligence Platform uses intelligence, integration and automation designed to deliver security and compliance benefits that are invaluable on today's smarter planet, where instrumented, interconnected and intelligent businesses collect, process, use and store more information than ever before. This is all provided in a single all-in-one virtual appliance within a secure cloud. The appliance provides a web console, and collects information from across your estate, including events and network flows as required.

Consolidate data silos

Although a wealth of information exists in organisations (log, network flow and business process data), this information is often held in silos and ignored or underutilised. QRadar converges network, security and operations views into a unified and flexible solution. It breaks down the walls between silos by correlating logs with network flows and a multitude of other data, presenting virtually all relevant information on a single screen. This helps enable superior threat detection and a much richer view of enterprise activity.

Detect insider fraud

Some of the gravest threats to an organisation come from the inside, yet organisations often lack the intelligence needed to detect malicious insiders or outside parties that have compromised user accounts. By combining user and application monitoring with application-layer network visibility, organisations can better detect meaningful deviations from normal activity, helping to stop an attack before it completes.

Predict and remediate risks and vulnerabilities

Security, network and infrastructure teams strive to manage risk by identifying vulnerabilities and prioritizing remediation before a breach occurs. The QRadar Security Intelligence Platform integrates risk, configuration and vulnerability management with SIEM capabilities, including correlation and network flow analytics, to help provide better insight into critical vulnerabilities. As a result, organisations can remediate risks more effectively and efficiently.

Conduct Forensics Analysis

QRadar integrated incident forensics helps IT security teams reduce the time spent investigating security incidents, and eliminates the need for specialised training. It expands security data searches to include full packet captures and digitally stored text, voice, and image documents. It helps present clarity around what happened when, who was involved, and what data was accessed or transferred in a security incident. As a result, it helps remediate a network breach and can help prevent it from succeeding again.

Address regulatory compliance mandates

Many organisations wrestle with passing compliance audits while having to perform data collection, monitoring and reporting with increasingly limited resources. To automate and simplify compliance tasks, QRadar provides collection, correlation and reporting on compliance-related activity, backed by numerous out-of-the-box report templates.

Leveraging easier-to-use security analytics

The QRadar Security Intelligence Platform provides a unified architecture for storing, correlating, querying and reporting on log, flow, vulnerability, and malevolent user and asset data. It combines sophisticated analytics with out-of-the-box rules, reports and dashboards. While it is powerful and scalable enough for major government agencies, it is also intuitive and flexible enough for small and midsize organisations. Users benefit from potentially faster time to value, lower cost of ownership, greater agility, and enhanced protection against security and compliance risks.

Intelligence

By analysing more types of data and using more analytics techniques, QRadar can often detect threats missed by other solutions and help provide network visibility that others cannot.

Integration

With a common application platform, database and user interface, this platform delivers massive log management scale without compromising the real-time intelligence of SIEM and network behaviour analytics. It provides a common solution for all searching, correlation, anomaly detection and reporting functions. A single, intuitive user interface provides seamless access to all log management, flow analysis, incident management, configuration management, risk and vulnerability management, incident forensics, dashboard and reporting functions.
Automation

The QRadar Security Intelligence Platform is simple to deploy and manage, offering extensive out-of-the-box integration modules and security intelligence content. By automating many asset discovery, data normalization and tuning functions, while providing out-of-the-box rules and reports, the solution is designed to reduce the complexity that often cripples other products.

Why IBM?

IBM operates the world's broadest security research, development and delivery organization. This comprises 10 security operations centres, nine IBM Research centres, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM solutions empower organizations to reduce their security vulnerabilities and focus more on the success of their strategic initiatives. These products build on the threat intelligence expertise of the IBM X-Force research and development team to provide a pre-emptive approach to security. As a trusted partner in security, IBM delivers the solutions to keep the entire enterprise infrastructure, including the cloud, protected from the latest security risks.

MAIN TECHNICAL FEATURES

This offering includes the following:

QRadar capability layered on top of the SCC Sentinel cloud: you purchase a Silver server from SCC, alongside this offering.
All of the flexibility of the SCC Sentinel Cloud, with the additional benefits of the QRadar software and IBM Systems Management
Pay as you go model
Flexible environments
Built upon industry standard components and services.

USE CASES

Example use cases

Home Office

Challenge: A Home Office programme had a requirement for an SIEM capability to be deployed within an existing system.
Solution: A QRadar capability was deployed to collect Audit event records from all servers and environments, enabling GPG13 compliant reporting to be implemented.
Benefits: A rapid and cost effective deployment of a GPG13 compliant capability.

INFORMATION ASSURANCE AND SECURITY

This offering is suitable for assets classified as OFFICIAL or OFFICIAL-SENSITIVE under Government Security Classifications. All datacentres are highly resilient Tier3+, UK based. IBM staff who work on the system are Security Cleared and based in the UK.

SERVICE OPTIONS AND SLA'S

This offering includes:

Proactive monitoring of the platform from 8am-6pm Mon-Fri and 9am-5pm Sat/Sun and UK Bank Holidays
Initial response to system alerts, e.g. restart of failed process or node using procedures provided by the client
Escalation of any issues which are not resolved to the individual or organisation nominated by the client.

This offering provides a single non-clustered virtual All-in-one QRadar server. This can be subsequently configured using the standard features provided within the product.

This offering is designed to provide a QRadar platform which comes deployed on a secure cloud. An established and experienced team will build and monitor your server and will provide an initial response to an alert, along with a mechanism to get the client team involved should the issue be more complex.

Additional services can be provided over and above the basic offering.

PRICING STRUCTURE

Overview of pricing structure

This offering layers on top of SCC's Silver Sentinel Cloud IaaS servers. They require the GPG13 option to also be purchased.

Build price - one off per server (up to 100 Events Per Second and 15,000 Flows) - 8,073.71
Uplift for additional 100 Events per Second up to 500 Events Per Second - 1,766.91
Uplift for 500 to 1,000 Events Per Second - 7,272.49
Uplift for 1,000 to 2,500 Events Per Second - 15,161.62
Uplift for 2,500 to 5,000 Events Per Second - 23,763.21
Uplift for 15,000 to 25,000 Flows - 1,766.91
Uplift for 25,000 to 50,000 Flows - 8,271.01
Uplift for 50,000 to 100,000 Flows - 11,804.84
Uplift for 100,000 to 200,000 Flows - 27,911.54

Price per server per month (up to 100 Events Per Second, and 15,000 Flows) - 300.74
Uplift per month for additional 100 Events per Second up to 500 Events Per Second - 29.18
Uplift per month for 500 to 1,000 Events Per Second - 120.08
Uplift per month for 1,000 to 2,500 Events Per Second - 250.35
Uplift per month for 2,500 to 5,000 Events Per Second - 392.38
Uplift per month for 15,000 to 25,000 Flows - 29.18
Uplift per month for 25,000 to 50,000 Flows - 136.57
Uplift per month for 50,000 to 100,000 Flows - 194.92
Uplift per month for 100,000 to 200,000 Flows - 460.88

Any additional services will be priced based on the IBM GCloud Rate Card.

Free trial options

Not available.

FURTHER INFORMATION

Further details on IBM QRadar can be found here: http://www-03.ibm.com/software/products/en/qradar

IBM United Kingdom Limited
PO Box 41
Western Road
North Harbour
Portsmouth
Hampshire
PO6 3AU

Date: 17 December 2014
Version: 1.0